nginx + apache 443端口问题

nginx + apache 443端口问题

这是我的 nginx 端口 443 的配置:

server {
    listen           *:443;
    server_name      site.com;

    ssl         on;
    ssl_protocols       SSLv3 TLSv1;
    ssl_certificate     /www/certs/site.com.crt;
    ssl_certificate_key /www/certs/site.com.key;

     access_log /var/log/nginx.site.com-access_log;
    location ~* .(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
        root /www/site.com/;
        index index.html index.php;
        access_log off;
        expires 30d;
    }
    location ~ /.ht {
        deny all;
    }
    location / {
        proxy_pass http://127.0.0.1:81/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-for $remote_addr;
        proxy_set_header Host $host;
        proxy_connect_timeout 60;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_redirect off;
        proxy_set_header Connection close;
        proxy_pass_header Content-Type;
        proxy_pass_header Content-Disposition;
        proxy_pass_header Content-Length;
    }
}

问题 1:为什么要求我输入证书的 PEM 密码?如何在 nginx 配置中输入密码?

178-162-174-212:/usr/bin# service apache2 restart
Restarting web server: apache2.

178-162-174-212:/usr/bin# service nginx restart
Restarting nginx: Enter PEM pass phrase:
Enter PEM pass phrase:
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: bind() to 188.72.245.198:443 failed (98: Address already in use)
[emerg]: still could not bind()
nginx.

问题2:为什么443端口有冲突呢?

Apache 配置:

NameVirtualHost *:81
Listen 127.0.0.1:81
Listen 999

<IfModule mod_ssl.c>
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

如果我注释掉“Listen 443”这一行,那么 site.com:443 将不起作用。

答案1

您已将 Apache 和 nginx 配置为监听端口 443。

看起来您的意图是让 nginx 控制该端口,因此您需要从 Apache 中删除该配置,然后重新启动两个服务:先重新启动 Apache,然后重新启动 nginx。这应该允许 nginx 绑定到端口 443 并处理这些请求。

至于证书密码,nginx 不支持在配置文件中保存解密私钥的密码(这对他们来说很好;由此授予的模糊性毫无价值)。解密私钥(并确保只有 nginx 正在运行的用户才能读取它):

mv /www/certs/site.com.key /www/certs/site.com.keyold
openssl rsa -in /www/certs/site.com.keyold -out /www/certs/site.com.key

相关内容